On February 21, 2014, Peter Hustinx, the European Data Protection Supervisor (“EDPS”), highlighted the need to enforce existing EU data protection law and swiftly adopt EU data protection law reforms as an essential part of rebuilding trust in EU-U.S. data flows.
Commission Safe Harbor Recommendations
In November 2013, following revelations of widespread government surveillance and access to EU personal data, the European Commission published an analysis of the U.S.-EU Safe Harbor Framework. The analysis included 13 recommendations for improving the Safe Harbor, a communication on rebuilding trust in EU-U.S. data flows and a communication on the functioning of the Safe Harbor.
Recommendations of the EDPS
In his Opinion on the Commission’s communications, Hustinx called for the following actions to help improve trust in EU-U.S. transfers of personal data:
- Adoption of a general omnibus U.S. privacy law;
- Effective enforcement of international data transfer mechanisms for the transfer of EU personal data outside of the EEA (including the Safe Harbor);
- A review and strengthening of the Safe Harbor program, in line with the Commission’s recommendations;
- The swift adoption of the package of EU data protection reforms;
- Clear and consistent EU reforms addressing (1) the regulation of cross-border transfers of EU personal data, (2) the processing of personal data for law enforcement purposes, and (3) conflicts of law; and
- Ensuring that the national security exemptions to the rights to privacy and confidentiality of communications, and to the protection of personal data, are used only where strictly necessary and are proportionate and in line with European case law.